The best answer is C. Chain of custody.
Chain of custody is the documented process used to track forensic evidence from the moment it is collected until it is presented, stored, transferred, or disposed of. It records:
who handled the evidence
when it was handled
where it was stored
how it was transferred
how its integrity was preserved
This is critical to ensure the evidence remains credible and admissible.
Why the other options are incorrect:
A. Acquisition of evidenceAcquisition refers to collecting or imaging evidence, but it does not specifically cover the full documentation of handling over time.
B. E-discoveryE-discovery relates to identifying and producing electronically stored information for legal matters, not specifically preserving forensic handling records.
D. Forensic tabletop exercisesThese are discussion-based practice activities, not evidence handling procedures.
From a Security+ perspective, preserving and documenting forensic evidence handling is the definition of chain of custody.
Submit